3 * Copyright (c) 1992-2001 by Mike Gleason.
13 /* How many times they've run this program. */
14 int gNumProgramRuns
= 0;
16 /* Firewall/proxy configuration parameters. */
/* The fixed-size buffers below are filled from the firewall preferences file
 * by ProcessFirewallPrefFile() through the STRNCPY macro. That macro is
 * defined outside this listing -- presumably it bounds the copy by the
 * destination size and NUL-terminates; confirm before relying on it.
 */
18 char gFirewallHost
[64];
19 char gFirewallUser
[32];
/* Firewall password, held in cleartext exactly as read from the prefs file. */
20 char gFirewallPass
[32];
21 char gFirewallExceptionList
[256];
/* Assigned from an int cast to unsigned int in ProcessFirewallPrefFile(); the
 * lines that parse and range-check the value are not shown in this listing.
 */
22 unsigned int gFirewallPort
;
/* Set to 1 by LoadFirewallPrefs(); tested there together with forceReload
 * (the statement governed by that test is not shown -- presumably a return).
 */
23 int gFirewallPrefsLoaded
= 0;
25 /* Active or passive FTP? (PORT or PASV?) Or both? */
28 /* Hack so the user/admin can set passive in the firewall
31 int gFwDataPortMode
= -1;
33 extern FTPLibraryInfo gLib
;
34 extern char gOurDirectoryPath
[], gUser
[], gVersion
[];
37 /* Save a sample configuration file for the firewall/proxy setup. */
/* WriteDefaultFirewallPrefs: write a commented sample firewall/proxy
 * preferences file to fp.
 *
 * fp: stream to write to; it is passed straight to fprintf(), so it must be
 *     a valid open stream. Every fprintf() result is cast to void, so a
 *     failed or short write is not reported to the caller.
 *
 * The sample "firewall-host" and "firewall-exception-list" lines are built
 * from cp, the part of gLib.ourHostName starting at its first '.'. strchr()
 * returns NULL when the host name has no dot; each of the two settings has
 * one variant that prints cp and one with fixed example text, and the lines
 * that choose between them are not part of this listing.
 *
 * NOTE(review): this listing omits many original lines (declarations, the
 * closing of most string literals, some fprintf arguments), as the gaps in
 * the embedded line numbers show.
 */
39 WriteDefaultFirewallPrefs(FILE *fp
)
44 FTPInitializeOurHostName(&gLib
);
45 cp
= strchr(gLib
.ourHostName
, '.');
/* cp may be NULL here (no '.' in the host name). */
47 (void) fprintf(fp
, "%s", "\
48 # NcFTP firewall preferences\n\
49 # ==========================\n\
53 (void) fprintf(fp
, "%s", "\
54 # If you need to use a proxy for FTP, you can configure it below.\n\
55 # If you do not need one, leave the ``firewall-type'' variable set\n\
56 # to 0. Any line that does not begin with the ``#'' character is\n\
57 # considered a configuration command line.\n\
59 (void) fprintf(fp
, "%s", "\
61 # NOTE: NcFTP does NOT support HTTP proxies that do FTP, such as \"squid\"\n\
62 # or Netscape Proxy Server. Why? Because you have to communicate with\n\
63 # them using HTTP, and this is a FTP only program.\n\
65 (void) fprintf(fp
, "%s", "\
67 # Types of firewalls:\n\
68 # ------------------\n\
70 # type 1: Connect to firewall host, but send \"USER user@real.host.name\"\n\
73 (void) fprintf(fp
, "%s", "\
74 # type 2: Connect to firewall, login with \"USER fwuser\" and\n\
75 # \"PASS fwpassword\", and then \"USER user@real.host.name\"\n\
77 # type 3: Connect to and login to firewall, and then use\n\
78 # \"SITE real.host.name\", followed by the regular USER and PASS.\n\
81 (void) fprintf(fp
, "%s", "\
82 # type 4: Connect to and login to firewall, and then use\n\
83 # \"OPEN real.host.name\", followed by the regular USER and PASS.\n\
85 # type 5: Connect to firewall host, but send\n\
86 # \"USER user@fwuser@real.host.name\" and\n\
87 # \"PASS pass@fwpass\" to login.\n\
90 (void) fprintf(fp
, "%s", "\
91 # type 6: Connect to firewall host, but send\n\
92 # \"USER fwuser@real.host.name\" and\n\
93 # \"PASS fwpass\" followed by a regular\n\
94 # \"USER user\" and\n\
95 # \"PASS pass\" to complete the login.\n\
98 (void) fprintf(fp
, "%s", "\
99 # type 7: Connect to firewall host, but send\n\
100 # \"USER user@real.host.name fwuser\" and\n\
101 # \"PASS pass\" followed by\n\
102 # \"ACCT fwpass\" to complete the login.\n\
104 # type 0: Do NOT use a firewall (most users will choose this).\n\
111 (void) fprintf(fp
, "%s", "\
112 # The ``firewall-host'' variable should be the IP address or hostname of\n\
113 # your firewall server machine.\n\
118 (void) fprintf(fp
, "firewall-host=firewall.domain.com\n");
120 (void) fprintf(fp
, "firewall-host=firewall%s\n", cp
);
123 (void) fprintf(fp
, "%s", "\
127 # The ``firewall-user'' variable tells NcFTP what to use as the user ID\n\
128 # when it logs in to the firewall before connecting to the outside world.\n\
131 (void) fprintf(fp
, "firewall-user=%s\n", gUser
);
/* The text written next describes ``firewall-password''. That value is read
 * back verbatim by ProcessFirewallPrefFile(), i.e. it sits in this file as
 * cleartext, which is why the text advises restricting the file's
 * permissions. The file generated by LoadFirewallPrefs() is chmod()ed to
 * 0600 after it has been written.
 */
132 (void) fprintf(fp
, "%s", "\
136 # The ``firewall-password'' variable is the password associated with\n\
137 # the firewall-user ID. If you set this here, be sure to change the\n\
138 # permissions on this file so that no one (except the superuser) can\n\
139 # see your password. You may also leave this commented out, and then\n\
140 # NcFTP will prompt you each time for the password.\n\
142 (void) fprintf(fp
, "%s", "\
144 firewall-password=fwpass\n\
148 # Your firewall may require you to connect to a non-standard port for\n\
149 # outside FTP services, instead of the internet standard port number (21).\n\
153 (void) fprintf(fp
, "%s", "\
157 # You probably do not want to FTP to the firewall for hosts on your own\n\
158 # domain. You can set ``firewall-exception-list'' to a list of domains\n\
159 # or hosts where the firewall should not be used. For example, if your\n\
160 # domain was ``probe.net'' you could set this to ``.probe.net''.\n\
163 (void) fprintf(fp
, "%s", "\
164 # If you leave this commented out, the default behavior is to attempt to\n\
165 # lookup the current domain, and exclude hosts for it. Otherwise, set it\n\
166 # to a list of comma-delimited domains or hostnames. The special token\n\
167 # ``localdomain'' is used for unqualified hostnames, so if you want hosts\n\
168 # without explicit domain names to avoid the firewall, be sure to include\n\
169 # that in your list.\n\
174 (void) fprintf(fp
, "firewall-exception-list=%s,localhost,localdomain\n", cp
);
176 (void) fprintf(fp
, "firewall-exception-list=.probe.net,localhost,foo.bar.com,localdomain\n");
179 (void) fprintf(fp
, "%s", "\
183 # You may also specify passive mode here. Normally this is set in the\n\
184 # regular $HOME/.ncftp/prefs file. This must be set to one of\n\
185 # \"on\", \"off\", or \"optional\", which mean always use PASV,\n\
186 # always use PORT, and try PASV then PORT, respectively.\n\
191 (void) fprintf(fp
, "\
195 # NOTE: This file was created for you on %s\
196 # by NcFTP %.5s. Removing this file will cause the next run of NcFTP\n\
197 # to generate a new one, possibly with more configurable options.\n",
200 (void) fprintf(fp
, "\
202 # ALSO: A %s file, if present, is processed before this file,\n\
203 # and a %s file, if present, is processed after.\n",
204 kGlobalFirewallPrefFileName
,
205 kGlobalFixedFirewallPrefFileName
207 } /* WriteDefaultFirewallPrefs */
/* ProcessFirewallPrefFile: read "name=value" settings from fp, one per line,
 * and store them in the gFirewall* globals and the data-port-mode globals.
 *
 * Each line is split with strtok(): the name ends at the first space, '=',
 * tab, CR or LF, and the value is the rest of the line up to CR/LF. The
 * value is not trimmed, so extra spaces or '=' between name and value stay
 * in it. Lines with no name, or whose name starts with '#', are caught by
 * the test on listing line 223. "firewall-pass" and "firewall-password"
 * both set gFirewallPass. No handling of unrecognised names is visible.
 *
 * fp: open stream to read the preferences text from.
 *
 * NOTE(review): strtok() keeps hidden static state, so this function is not
 * reentrant. Several original lines (declarations, the bodies of some
 * tests) are missing from this listing.
 */
213 ProcessFirewallPrefFile(FILE *fp
)
219 /* Opened the firewall preferences file. */
/* fgets() stops after sizeof(line) - 2 characters, so a longer input line is
 * delivered in pieces and each later piece is parsed as if it were a new
 * setting line.
 */
220 line
[sizeof(line
) - 1] = '\0';
221 while (fgets(line
, sizeof(line
) - 1, fp
) != NULL
) {
222 tok1
= strtok(line
, " =\t\r\n");
223 if ((tok1
== NULL
) || (tok1
[0] == '#'))
225 tok2
= strtok(NULL
, "\r\n");
/* NOTE(review): strtok() returns NULL here when nothing follows the name.
 * Every branch below dereferences tok2, so a NULL check is required; listing
 * lines 226-227 are not shown and may contain it -- confirm.
 */
228 if (ISTREQ(tok1
, "firewall-type")) {
/* Only n in 1..kFirewallLastType passes this test; how n is parsed (line 229)
 * and what is assigned (line 231) are not shown.
 */
230 if ((n
> 0) && (n
<= kFirewallLastType
))
232 } else if (ISTREQ(tok1
, "firewall-host")) {
233 (void) STRNCPY(gFirewallHost
, tok2
);
234 } else if (ISTREQ(tok1
, "firewall-port")) {
/* n is cast to unsigned int; the parse and any range check on lines 235-236
 * are not shown. A TCP port should be limited to 1..65535 -- confirm.
 */
237 gFirewallPort
= (unsigned int) n
;
238 } else if (ISTREQ(tok1
, "firewall-user")) {
239 (void) STRNCPY(gFirewallUser
, tok2
);
240 } else if (ISTREQ(tok1
, "firewall-pass")) {
241 (void) STRNCPY(gFirewallPass
, tok2
);
242 } else if (ISTREQ(tok1
, "firewall-password")) {
243 (void) STRNCPY(gFirewallPass
, tok2
);
244 } else if (ISTREQ(tok1
, "firewall-exception-list")) {
245 (void) STRNCPY(gFirewallExceptionList
, tok2
);
246 } else if (ISTREQ(tok1
, "passive")) {
247 if (ISTREQ(tok2
, "optional")) {
248 gDataPortMode
= gFwDataPortMode
= kFallBackToSendPortMode
;
249 } else if (ISTREQ(tok2
, "on")) {
250 gDataPortMode
= gFwDataPortMode
= kPassiveMode
;
251 } else if (ISTREQ(tok2
, "off")) {
252 gDataPortMode
= gFwDataPortMode
= kSendPortMode
;
/* NOTE(review): tok2[0] is a plain char; isdigit() requires a value
 * representable as unsigned char (or EOF), so the argument should be cast to
 * unsigned char first. The atoi() result is stored in both mode globals with
 * no visible check that it is one of the known mode constants.
 */
253 } else if ((int) isdigit(tok2
[0])) {
254 gDataPortMode
= gFwDataPortMode
= atoi(tok2
);
258 } /* ProcessFirewallPrefFile */
/* LoadFirewallPrefs: load the firewall/proxy settings into the globals.
 *
 * forceReload: tested together with gFirewallPrefsLoaded on listing line
 *     276; the governed statement (line 277) is not shown -- presumably an
 *     early return when the settings are already loaded and no reload is
 *     forced.
 *
 * Order of processing, as the visible calls show:
 *   1. reset the globals to defaults (firewall not in use, empty strings);
 *   2. kGlobalFirewallPrefFileName -- system-wide defaults;
 *   3. the per-user file whose path OurDirectoryPath() builds from
 *      kFirewallPrefFileName;
 *   4. kGlobalFixedFirewallPrefFileName -- system-wide settings processed
 *      last, so they override the user's values.
 * If userFile and sysFile are both 0 (they are set on lines not shown), a
 * sample per-user file is written with WriteDefaultFirewallPrefs(). Finally,
 * an empty exception list is replaced by the part of gLib.ourHostName from
 * its first '.', followed by ",localdomain"; the NULL test on strchr()'s
 * result is on lines not shown -- confirm.
 *
 * NOTE(review): gFirewallPrefsLoaded is set to 1 before the
 * gOurDirectoryPath check. When that path is empty the function returns
 * before the defaults are assigned and before any file is read, including
 * both system-wide files.
 */
263 /* Load those options specific to the firewall/proxy settings. These are
264 * kept in a different file so that other programs can read it and not
265 * have to worry about the other junk in the prefs file.
268 LoadFirewallPrefs(int forceReload
)
276 if ((gFirewallPrefsLoaded
!= 0) && (forceReload
== 0))
278 gFirewallPrefsLoaded
= 1;
280 if (gOurDirectoryPath
[0] == '\0')
281 return; /* Don't create in root directory. */
282 (void) OurDirectoryPath(pathName
, sizeof(pathName
), kFirewallPrefFileName
);
284 /* Set default values. */
285 gFirewallType
= kFirewallNotInUse
;
287 gFirewallHost
[0] = '\0';
288 gFirewallUser
[0] = '\0';
289 gFirewallPass
[0] = '\0';
290 gFirewallExceptionList
[0] = '\0';
292 fp2
= fopen(kGlobalFirewallPrefFileName
, FOPEN_READ_TEXT
);
294 /* Initialize to system-wide defaults. */
295 ProcessFirewallPrefFile(fp2
);
300 fp
= fopen(pathName
, FOPEN_READ_TEXT
);
302 /* Do user's firewall file. */
303 ProcessFirewallPrefFile(fp
);
308 fp2
= fopen(kGlobalFixedFirewallPrefFileName
, FOPEN_READ_TEXT
);
310 /* Override with system-wide settings. */
311 ProcessFirewallPrefFile(fp2
);
/* NOTE(review): in the branch below the sample file is created by fopen(),
 * so with whatever mode the process umask allows, and is only restricted to
 * 0600 by the chmod() call after it has been written; the chmod() result is
 * discarded. Creating the file with open(O_CREAT | O_EXCL, 0600) followed by
 * fdopen() would close that window and fail instead of reusing an existing
 * path.
 */
316 if ((userFile
== 0) && (sysFile
== 0)) {
317 /* Create a blank one, if
318 * there were no system-wide files.
320 fp
= fopen(pathName
, FOPEN_WRITE_TEXT
);
322 WriteDefaultFirewallPrefs(fp
);
324 (void) chmod(pathName
, 00600);
329 if (gFirewallExceptionList
[0] == '\0') {
330 FTPInitializeOurHostName(&gLib
);
331 cp
= strchr(gLib
.ourHostName
, '.');
334 (void) STRNCPY(gFirewallExceptionList
, cp
);
335 (void) STRNCAT(gFirewallExceptionList
, ",localdomain");
338 } /* LoadFirewallPrefs */